Veracode intros free cross-site scripting scan service

Security company Veracode has launched a free cross-site scripting (XSS) scanning service designed to enable developers to eradicate the errors responsible for more than half of the word's web application vulnerabilities.

XSS vulnerabilities typically allow hackers to inject malicious script into web pages by circumventing traditional validation systems. This can result in hijacked user sessions, web site defacement or user redirects to malicious sites.

The Veracode Free XSS Detection Service can be used for any Java-based application up to 20MB in size with a limit of one application per email address.

Customers will need to register an account with Veracode and supply metadata including build version before submitting for a scan.

The company will then provide a detailed report including remediation steps where appropriate and free access to Veracode's e-learning courses on XSS, said Veracode.

"XSS flaws are the most prevalent and the easiest to fix. There is no reason why apps should be built with XSS errors," said Veracode chief executive Matt Moynahan.

"Developers care about high quality code, but sometimes they are either not given the right specs or are not properly trained."

Moynahan added that Veracode is able to scan huge volumes of code quickly thanks to the cloud-based nature of the service.

"You can expect more free offerings from us in the future to showcase the power of the cloud," he added.